Both enriched and dynamic networks objects are used in firewall rules. Enriched network objects are static and require human intervention to be modified. Dynamic network objects categorize devices on the fly and in real time based on the legitimacy (or harmfulness) of the device behavior. Based on the assessment, the dynamic network objects can add two actions to firewall rules: add or remove the IP or MAC address to the source or destination of flow to the dynamic network object. The two actions provide extra qualities and possibilities to the management of firewall rules. Firewall policies add entries to the dynamic network object automatically in runtime. Entries are removed either by a firewall policy or automatically after a pre-defined timeout.
Dynamic network objects protect the network by automatically adapting to behavioral anomalies in the network. Administrators do not need to manually maintain huge and unwieldy lists of network objects. The automatic reaction to incidents frees administrators from manual intervention. The dramatically reduced reaction time allows for a proactive response to attacks. This minimizes the vulnerability of the network.
Dynamic network objects place measurable events and stateful properties in context using behavior and time. Behavioral and time-based dependencies lead to more granular and targeted firewall policies. Threat Defender combines these policies with isolated actions in a comprehensive security approach. Using the timeout functionality prevents over-reaction to incidents and frees up the network.